This year saw a sudden influx of ransomware, starting with WannaCry in May, after which Mamba, Petya and Locky also made surprise visits. New variants of Locky ransomware started targeting users a week back, and appear to have arrived in India as well. The Indian Computer Emergency Response Team (CERT-In) has now issued an alert for Locky ransomware, warning users in India to be cautious of it.
CERT-In advises all users to take caution while opening emails and to avoid those with suspicious file attachments. Organizations are also asked to use anti-spam solutions on their systems and update their spam block lists. In addition, the basic practices of installing certified anti-virus software on your system and updating it regularly are also advised. CERT-In has listed a set of measures to take in the wake of Locky ransomware.
Locky ransomware was released in 2016, and follows the same path of taking hold of your system, encrypting your files and demanding ransom to unlock them. Locky ransomware spreads through “zip” attachments sent via emails. These attachments contain Visual Basic Scripts (VBS) embedded in the zip file, inside which is a downloader leading to the domain “greatesthits[dot]mygoldmusic[dot]com”. If you open the attachments and visit this website, variants of Locky ransomware will be downloaded to your system.
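The delivery method described above, a zip attachment carrying a VBS file, can be checked at the mail gateway before a user opens the message. The following is an added example, not part of the original article or the CERT-In alert; the function names, the extensions beyond `.vbs`, the nesting limit and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# .vbs is the type named in the article; the others are an added assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".wsf")
MAX_DEPTH = 3  # assumed limit on nested-zip recursion

def script_members(data, depth=0, prefix=""):
    """Return paths of script files inside zip bytes, following nested zips."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a zip archive, whatever its filename claims
    hits = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif lower.endswith(".zip") and depth < MAX_DEPTH and not info.flag_bits & 0x1:
                hits += script_members(zf.read(info), depth + 1, path + "!")
    return hits

def scan_message(raw):
    """Map each attachment filename to the script members found inside it."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True) if part.get_filename() else None
        hits = script_members(payload) if payload else []
        if hits:
            findings[part.get_filename()] = hits
    return findings

def build_sample():
    """Constructed message: zip attachment with an inert placeholder .vbs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0001.vbs", "' constructed placeholder, no code\n")
        zf.writestr("readme.txt", "constructed\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check opens each attachment as a zip regardless of its filename, so a renamed archive is still inspected; password-protected nested archives are skipped rather than read.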
Once Locky ransomware enters your system, all files will be encrypted and renamed with the extension “.lukitus” or “.diablo6”. Earlier, the encrypted files on the system would be shown with the extension “.locky”. After encryption, the desktop background on your system will be changed to one showing an “htm” file titled “Lukitus.htm”, which contains instructions on how to pay the ransom amount.